yes, that part, dkimbase reference to not include return-path as part of the
signature data, because it is likely to be modified during transit.
----- Original Message -----
From: "Dave CROCKER" <dhc(_at_)dcrocker(_dot_)net>
To: "Franck Martin" <franck(_at_)avonsys(_dot_)com>
Cc: dcrocker(_at_)bbiw(_dot_)net, "Anti-Spam Research Group - IRTF"
<asrg(_at_)irtf(_dot_)org>
Sent: Tuesday, 13 January, 2009 9:15:25 AM (GMT+1200) Auto-Detected
Subject: Re: [Asrg] where the message originated
Franck Martin wrote:
I have run a series of tests, where I sign a message (sent by me) but with
only the Return-path containing my domain (DKIM does not sign the return-path
as recommended in the spec).
DKIM has nothing to do with the rfc5321.MailFrom address or anything else in
SMTP. It is a message-level mechanism, not transfer-level.
The dkimbase signing specification's reference to return-path cautions
*against*
including it as part of the signature data.
What are you referring to about "as recommended in the spec"?
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg